Log session audit events [New in Security Center 1.3 and updated in 1.5]

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Set the glide.authenticate.session_access.log_audit_event property to true, so that session audit events will be created in the sys_session_access_audit table.

    When the Glide Property glide.authenticate.session_access.log_audit_event is set to true, session audit events will be created in the sys_session_access_audit table. It is best practice to log information about who accessed a session to assist in malicious actor investigations. Information logged will include user, session ID (non-sensitive), IP address, roles, and policies.

    Note:
    The glide.authenticate.session_access.log_audit_event system property is specific to Zero trust access. For more information, see Zero Trust Access.

    More information

    Attribute Description
    Configuration name glide.authenticate.session_access.log_audit_event
    Configuration type System Properties (/sys_properties_list.do)
    Data type boolean
    Recommended value true
    Default value true
    Category Error handling and logging
    Security risk
    • Severity score: 6.3
    • CVSS score: Medium
    • Security risk details: Not setting this property to the recommended value of true prevents events from being logged. This could prevent you from finding bad actors in the event of a cyber attack.
    Dependencies and prerequisites None